Helpers/Convert-EventLogObject.ps1


function Convert-EventLogObject
{
    [CmdletBinding()]
    param
    (
        [Parameter(Mandatory = $true)]
        $Record,

        [Parameter(Mandatory = $true)]
        [System.Collections.Hashtable]
        $Map
    )

    $activity = New-Object -TypeName PSObject -Property @{
        ComputerName = $Record.MachineName.Split('.')[0]
        TimeCreated  = $Record.TimeCreated
        Id           = $Record.Id
        Activity     = $Map[$Record.Id].Activity
        Event        = $Map[$Record.Id].Event
        Type         = ''
        Reason       = ''
        Username     = ''
        Computer     = ''
        Process      = ''
        Comment      = ''
    }

    $activity.PSTypeNames.Insert(0, 'SecurityFever.ActivityRecord')

    Write-Output $activity
}